JS in PDF might be a mis-feature, but any security lapse is indeed a bug in the implementation (made doubly worse by firefox running the JS in a web context).
Yes, removing JS support would get rid of potential security exploits. It doesn't change the fact that said exploits rely on bugs in the implementation.
Yes. Bugs. Bugs can be fixed.
By-design (mis)features can't be fixed. The only way to fix them is by removing the feature.
Unless you're agreeing that JS-in-PDFs is a bug, you're conflating fundamentally different issues.